Creating SSL Keys and Certificates Using OpenSSL

If you plan to use the Apache Portable Runtime for Tomcat/JBoss with SSL, you have to use the OpenSSL cryptographic library to create the server’s private key, and if needed, a self-signed certificate.

2) Create a configuration file (openssl.cnf) for OpenSSL and save it in the OpenSSL folder. You can use this sample.

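3) Create a private key for the server. From a command prompt, change directory to the \bin folder of OpenSSL and run a command such as this:
openssl genrsa -out C:\Programs\jboss_4.2.1\server\lc_mysql\conf\rsa-private-key.pem 1024
The command will create a 1,024-bit RSA key and save it in the file rsa-private-key.pem. Note that 1,024-bit RSA keys are no longer considered adequate; current guidance calls for at least 2,048 bits, which is set by changing the final argument.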

You will be prompted for several responses. The most important one is the full DNS name of the server (e.g., server.company.com). The -nodes argument leaves the private key unencrypted (no passphrase).

Once complete, verify the self-signed certificate with a command such as this:
openssl x509 -noout -subject -issuer -enddate -in C:\Programs\jboss_4.2.1\server\lc_mysql\conf\self-signed-cert.pem
In the output:
– the “subject” field’s value should be the full name of the server
– the “issuer” field’s value should also be the full name of the server since this is a self-signed certificate
– the “notAfter” field’s value will be the expiry date of the certificate (10 years from the date of its creation)
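
The three checks above can be scripted. The following Python sketch is an added example, not part of the original post: it parses the text printed by the openssl x509 command above and reports any check that fails. The function names, the 30-day expiry threshold and the sample output are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample output (OpenSSL 1.1+ layout). Older builds print the
# names as "/C=US/O=Example Co/CN=server.company.com"; both are handled.
SAMPLE = """\
subject=C = US, O = Example Co, CN = server.company.com
issuer=C = US, O = Example Co, CN = server.company.com
notAfter=Mar  1 12:00:00 2034 GMT
"""

def _dn(text):
    """Normalize a distinguished name to a tuple of (attribute, value) pairs."""
    parts = re.split(r"\s*[,/]\s*(?=[A-Za-z0-9.]+\s*=)", text.strip("/ "))
    pairs = (p.split("=", 1) for p in parts if "=" in p)
    return tuple((k.strip(), v.strip()) for k, v in pairs)

def check_self_signed(output, expected_host, now=None, min_days_left=30):
    """Return a list of problems; an empty list means all three checks pass."""
    now = now or datetime.now(timezone.utc)
    fields = {}
    for line in output.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    subject, issuer = _dn(fields.get("subject", "")), _dn(fields.get("issuer", ""))
    problems = []
    cn = dict(subject).get("CN", "")
    if cn.lower() != expected_host.lower():  # DNS names are case-insensitive
        problems.append(f"subject CN {cn!r} is not {expected_host!r}")
    if not subject or subject != issuer:
        problems.append("issuer differs from subject: not self-signed")
    try:
        stamp = fields["notAfter"].replace(" GMT", "")
        expiry = datetime.strptime(stamp, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
        if (expiry - now).days < min_days_left:
            problems.append(f"certificate expires {expiry:%Y-%m-%d}")
    except (KeyError, ValueError):
        problems.append("notAfter missing or unreadable")
    return problems

if __name__ == "__main__":
    for problem in check_self_signed(SAMPLE, "server.company.com") or ["all checks pass"]:
        print(problem)
```

To use it on a real certificate, pass the captured output of the openssl x509 command as the first argument in place of SAMPLE.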

6) Make sure that the APR Listener’s SSLEngine attribute is set to “on”

7) Uncomment the SSL HTTP/1.1 Connector

8) Change the protocol to org.apache.coyote.http11.Http11AprProtocol

9) Add two additional attributes to the Connector, SSLCertificateKeyFile and SSLCertificateFile (these paths would be different for you).
SSLCertificateKeyFile="C:\Programs\jboss_4.2.1\server\lc_mysql\conf\rsa-private-key.pem"
SSLCertificateFile="C:\Programs\jboss_4.2.1\server\lc_mysql\conf\self-signed-cert.pem"

10) Save server.xml and restart JBoss

11) Make sure that you can now connect to the LiveCycle AdminUI https://server.company.com:8443/adminui
The browser will complain about the fact this is a self-signed certificate.

Test connecting to the server using SSL from a command line with this command:
openssl s_client -showcerts -connect server.company.com:8443
Ctrl-C will terminate the connection and return you to the command prompt.


How to generate an RSA key pair? I need to use the public key and private key for login authentication. If the private key encrypts the password data, the public key should decrypt the password for the same. How to develop this in C++ or MFC?